Last Updated: May 9, 2023
• ensuring the security of our IT systems, e.g., to counter specific attacks on our systems and detect attack patterns,
• ensuring proper operation of the Retail Media Platform and our IT systems, e.g. if errors occur that we can only rectify by storing the IP address,
• enabling criminal prosecution, averting of dangers as well as legal prosecution in the event of specific indication of criminal offenses.
Log data and the IP address are stored for a period of 30 days.
Log data are stored for a longer period in the event of specific indication of criminal offenses to enable criminal prosecution as well as legal prosecution in the event of specific indication of criminal offenses. In this case, the data will be deleted when the relevant procedures have been completed.The processing takes place to ensure the security of processing pursuant to Article 32 GDPR and based on our above-mentioned legitimate interests (Article 6(1)(f) GDPR).
To use the Retail Media Platform, you need to login to your user account. To register you for your user account we will process your email address that you or our customer for whom you are working has provided to us to set up your account and send you your initial password. We will then ask you to change the initial password to a password of your choice.To login to your account, you must provide the following mandatory information:
• Email address• Password
We disclose personal data to auditors, accounting service providers, lawyers, banks, tax consultants and similar bodies insofar as this is necessary for the provision of our services (Art 6(1)(b) GDPR) or the proper operation of our business (Art 6(1)(f) GDPR) or we are obliged to do so (Art 6(1)(c) GDPR).
If you do not wish that we store data in your local storage, you can configure your end device accordingly. Please note that in this case the functionalities of the Search Platform may no longer be available to you or only to a limited extent.
Sharing personal data is justified on the grounds that we have a legitimate interest in changing the form of our undertaking to align, whenever necessary, with the economic and legal particularities on the ground, Art 6(1)(f) GDPR.
We also process data in countries outside the European Economic Area (“EEA”), in so-called third countries, and/or transfer data to recipients in these third countries. The foregoing also includes the United States. Please note that, at present, there exists no adequacy decision of the EU Commission; that, in general, these third countries have an adequate level of data protection. In particular, there exists, at present, no adequacy decision of the EU Commission for the United States. Where we transfer personal data outside of the EEA, we will ensure one of the following requirements is fulfilled:
You can request further details about the safeguards that we have implemented, including, where applicable a copy of the standard contractual clauses by contacting us using our contact details provided in Section 1 above.
Your personal data will be processed for purposes other than those described only to the extent such is permitted by law or to the extent to which you have given your consent that your data can be processed for the purpose so changed. In the event your data are processed for purposes other than those for which the data were originally collected, but before those data are so processed, we will inform you of such other purposes and provide you with all further information material to such purpose(s).
Further storage of your personal data only occurs to the extent:
In these cases, the processing of your data is restricted. The data is then no longer available for further use.
Neither by law nor by contract are you required to provide your personal data.
To some extent, however, it is necessary that you provide personal data, so that we can provide you with our services and the features available on our Retail Media Platform. In particular, it is necessary that you provide your personal data, so that we can create and manage your user account for the Retail Media Platform and take into receipt and process any requests you send to us.
Wherever it is necessary for you to provide certain data, we have identified that data by making it a required field. Providing further data is voluntary. The consequence of not providing required data is that we will be unable to provide the relevant services and features, including, but not limited to, our inability to create or manage your account and to take into receipt and to process your requests.
Where voluntary information is concerned, the consequence of not providing such information will be that we will be unable to provide the relevant features and services or that we will be unable to provide them as they are intended to be provided.
We do not use automated processing processes to make decisions, including profiling.
Within the scope of Art 15 GDPR and Sec 34 BDSG, you have the right to obtain from us, at any time you request, access to the personal data concerning you. To exercise this right, you can submit your request by mail or via email by using the address given in Section 1 above.
You have the right to obtain from us without undue delay the rectification of any inaccurate personal data concerning you. To exercise this right, please use the contact address specified in Section 1 above.
Given the prerequisites described in Art 17 GDPR and Sec 35 BDSG, you have the right to obtain from us the erasure of personal data concerning you. In particular, these prerequisites prescribe a right of erasure, whenever the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed as well as in cases of unlawful processing, of the existence of an objection, or in case the data have to be erased for compliance with a legal obligation under European Union law or the law of any Member State, to which we are subject. To exercise your right set out in the foregoing, please use the contact address specified in Section 1 above.
Under Art 18 GDPR, you have the right to obtain from us the restriction of processing. This right exists in cases including, but not limited to, those in which the accuracy of the personal data is contested between you and us, for the period required to verify the accuracy, as well as in case you have a right to erasure, but request a restriction of processing instead of erasure; further in case the data are no longer necessary for the purposes pursued by us, but you need them to establish, to exercise, or to defend against legal claims, as well as if the successful exercise of an objection remains contested between us. To exercise your right as set out above, please use the contact address specified in Section 1 above.
Under Art 20 GDPR, you have the right to receive from us the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. To exercise your right as set out above, please use the contact address specified in Section 1 above.
Under Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which, inter alia, is based on point (e) or (f) of Article 6(1). We shall no longer process your personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
To the extent we process personal data concerning you for direct marketing purposes, including profiling, you have the right to object to such processing. Once you object, we will stop such processing.
Finally, we advise that we process the personal data transmitted by you, when you exercise your rights under Articles 15 through 22 GDPR, not only for the purpose of complying with these rights, but also so that we can demonstrate such compliance. This processing is based upon the legal basis of Article 6(1)(c) GDPR in conjunction with Articles 15 through 22 GDPR and § 34(2) BDSG.